Liu receives NSF grant for Computer Systems Research

Alex Liu, Associate Professor of Computer Science and Engineering at
Michigan State University, has received a three-year research grant from
the Computer Systems Research program at NSF. The title of the project
is "Behavior Based User Authentication for Mobile Devices".

The widely used password/PIN/pattern based authentication solutions for
mobile devices are susceptible to shoulder surfing (as mobile devices
are often used in public settings where shoulder surfing often happens
either purposely or inadvertently) and smudge attacks (as oily residues
left by fingers on touch screens can be recognized by imposters) and are
sometimes inconvenient for users to input when they are walking or
driving. In this project, Liu proposes BEAT, a behavior based user
authentication approach for touch screen devices. Rather than
authenticating users solely based on what they input (such as a
password/PIN/pattern), which is inherently subject to shoulder surfing
and smudge attacks, BEAT authenticates users based on how they input.
Specifically, BEAT first asks a user to perform certain actions, such as
gestures/signatures, on touch screens and then uses the behavior feature
information (such as velocity magnitude and device acceleration)
extracted from the actions to authenticate the user based on machine
learning techniques. The intuition behind the proposed approach is that
people have consistent and distinguishing behavior of performing
gestures and signatures on touch screens. Compared with current user
authentication schemes for touch screen devices, the proposed approach
is significantly more difficult to compromise because it is nearly
impossible for imposters to reproduce the behavior of others doing
gestures/signatures through shoulder surfing or smudge attacks - they
can see it, but they cannot do it.

This project represents the first effort towards developing behavior
based user authentication approaches based on machine learning
techniques for touch screen devices. The PI reveals many new
observations (such as people often exhibit different behaviors when they
perform the same action under different types of postures such as
standing and sitting) and proposes many new concepts. This project will
advance the knowledge and understanding of behavior based user
authentication on touch screen devices. This is potentially
transformative research with high-impact. If successful, this project
will not only yield a theoretical foundation for behavior based user
authentication on touch screen devices but also invite future research
along this direction. This work was started and the prototype was developed in collaboration with Microsoft Research.